Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CORS configuration not working for login controller? #4

Closed
cbll opened this issue Nov 27, 2017 · 1 comment
Closed

CORS configuration not working for login controller? #4

cbll opened this issue Nov 27, 2017 · 1 comment

Comments

@cbll
Copy link

cbll commented Nov 27, 2017

This is very much out of scope as I have forked your nice starter and started building something on top of it; to begin with, a login system.

To keep it short, I have created an endpoint at /api/login which calls a method that returns a user + JSON web token(JWT). This works via cURL, however, it does not appear to work when accessing it through the dev server.

The problem is described here: https://stackoverflow.com/questions/47508348/axios-post-throws-network-error-cross-origin-request-blocked

Wondering if you have any ideas?

For example, via cURL I do get the correct response:

Request:

curl -i -H "Content-Type: application/json" -X POST -d '{
        "username": "sysadmin",
        "password": "sysadmin"
        }' http://localhost:8088/api/login

Response:

HTTP/1.1 200
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
X-Application-Context: application:8088
authentication: // Super long JWT string as expected 
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked

But from the frontend via the dev server.

Request:

login ({commit}, authData) {
      AXIOS.post('/api/login', {
        username: authData.username,
        password: authData.password,
        withCredentials: true
      })
        .then(res => {
          console.log(res)
          commit('authUser', {
            token: res.data.idToken,
            userId: res.data.localId
          })
        })
        .catch(error => console.log(error))
    }

Response:
STATUS 403
Response head:

Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:access-control-allow-methods, access-control-allow-origin, content-type, crossdomain
Access-Control-Allow-Methods:POST
Access-Control-Allow-Origin:http://localhost:8080
Allow:GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
Cache-Control:no-cache, no-store, max-age=0, must-revalidate
Content-Length:0
@jonashackt
Copy link
Owner

Hi @cbll seems to quite out of scope right now. I hope to have a look into a login form in the near future, maybe I can help you then. Just out of curiosity: With the latest commits, we don´t need the complex CORS configuration any more to develop locally - this is handles through webpack-dev-server proxy feature. Can you give it a try with that config? Cheers!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants